We are looking for a Tier II Incident Response professional to join our team in Sterling, VA.
Utilize state-of-the-art technologies such as host forensics tools (FTK/EnCase), Endpoint Detection & Response tools, log analysis (Splunk), and network forensics (full packet capture solution) to perform hunting and investigative activities that examine endpoint- and network-based data.
Conduct malware analysis, host and network forensics, log analysis, and triage in support of incident response. Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response. Develop and build security content, scripts, tools, or methods to enhance the incident investigation process. Lead incident response activities and mentor junior SOC staff.
Work with key stakeholders to implement remediation plans in response to incidents. Effectively investigate and identify root causes, then communicate findings to stakeholders including technical staff and leadership. Flexible and adaptable self-starter with strong relationship-building and problem-solving abilities and an analytic and qualitative eye for reasoning. Ability to independently prioritize and complete multiple tasks with little to no supervision.
The ideal candidate will have a basic understanding of cyber threats, information security, and monitoring and detection.
The candidate must be familiar with TCP/IP ports and protocols, intrusion detection systems, and netflow analysis.
Department of Homeland Security CBP SOC employees are required to have, or be able to favorably pass, a 5-year Background Investigation (BI).
1-3 years of Cyber Threat Analysis experience.
Security+ certification, or equivalent industry certification, background, and knowledge.
Knowledge of TCP/UDP/IP networking, familiarity with packet analysis tools such as Wireshark, and a general understanding of networking protocols comparable to CompTIA Network+.
Experience in a Federal Government, DoD, or Law Enforcement CND, IR, or SOC role. Cyber Kill Chain knowledge.
Bachelor's degree in a Science or Engineering field, IT, Cybersecurity, or a related field.
Must have one of the following certifications:
GCIH – GCFA – GCFE – GREM – GISF – GXPN – GWEB – GNFA – OSCP – OSCE – OSWP – OSEE – CCFP – CISSP – CCNA – CCNP – CEH – CHFI – LPT – ESCA – ENSA – ECIH – ECSS – ECES – EnCE – FTK WFE-FTK – CIRC – WFE-E-CI – or FIWE.
An active Secret Clearance is required.
SSi is an equal opportunity employer regardless of race, color, religion, creed, sex, marital status, national origin, disability, age, veteran status, on-the-job injury, sexual orientation, political affiliation, or belief. Employment decisions are made without consideration of these or any other factors that employers are prohibited by law from considering. Any discriminatory action can be cause for disciplinary action. SSi also prohibits discrimination against individuals with disabilities and will reasonably accommodate applicants with a disability, upon request, and will also ensure reasonable accommodation for employees with a disability. Veterans are encouraged to apply.